TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
513
operation and read any file within Sunview. The selection service Remote procedure call(RPC) program could allow a
remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read any file readable by
the user. This signature detects when an attacker send specially-crafted pattern on TCP RPC.
Signature ID: 16122
Showfhd service Vulnerability
Threat Level: Information
Nessus: 10232
Signature Description: Showfhd is a RPC based server. Showfhd is a daemon that provides the full path name for the
given file handle. If the daemon cannot find the file or the inode number, it returns an error message. This signature
generates when an attacker try to identify whether showfhd service is running. If this service do not use, the
administrators are advised to disabled the showfhd service. This signature specifically detects when an attacker send a
request by using TCP service.
Signature ID: 16123
Snmp service vulnerability
Threat Level: Information
Nessus: 10233
Signature Description: Simple Network Management Protocol is a remote management protocols. An attacker can use
Simple Network Management Protocol to gain valuable information about the system (such as information on network
devices and current open connections) when SNMP uses default words, such as public or private, for the community
word. If no community is specified, then the SNMP server responds to queries from any system. This signature
generates an event, when an attacker try to identify whether SNMP service is running. This signature specifically
detects when an attacker send malicious pattern on TCP-RPC traffic. If SNMP service is need for network
management,properly configure with private community names.
Signature ID: 16124
Sprayd service Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0613 Nessus: 10234
Signature Description: Rpc.Sprayd is the spray server. It is used mainly for testing, and often to simulate a network
load. It records the packets sent by spray, and sends a response to the originator of the packets. It sends a one-way
stream of packets to a host using RPC, and reports how many were received as well as the transfer rate. If this service is
in enabled, a remote attacker gain unauthorized information. So, the Administrators are advised to disable the Sprayd
service, if it is not necessary. This signature detects when an attacker send specially-crafted pattern on TCP RPC.
Signature ID: 16125
Statd service access
Threat Level: Warning
Industry ID: CVE-1999-0018
Bugtraq: 127 Nessus: 10235
Signature Description: Statd is the RPC NFS status daemon. It is used to communicate status information to other
services or host. The version of statd shipped with many unix implementations contains a buffer overflow condition.
This overflow condition exists in the handling of 'SM_MON' RPC requests. Statd service is listen on both tcp and udp
ports. This signature generates an event when an attacker try to identify whether Statd service is running.
Administrators are advised to disable the Statd service if it is not needed. This signature specifically detects when an
attacker send request by using tcp service.